Law Firm Risk Management Checklist

Pull every active matter from the PMS and confirm the SOL is calendared in two systems (docket + Outlook tickler) per the firm's redundancy rule. PI and med-mal matters are the highest-risk; missed SOL is a near-automatic malpractice claim.

Pull the current declarations page from the malpractice carrier (LawyerGuard, ALPS, CNA, etc.). Confirm policy limits, retroactive date, deductible, and the named-attorney roster match the current firm composition. Flag if the policy lapses within 60 days so the broker has runway.

Open the renewal application early — application questions on prior claims, lateral hires, and high-risk practice areas need partner input. Lapsed coverage even by a day creates a gap that tail / ERP coverage may not fully bridge.

Sample 10% of active matters opened in the last quarter. Verify each engagement letter names the scope, fee structure, billing cadence, and dispute-resolution clause. Scope-creep matters (incorporation expanding into employment advice) are the most common bar grievance source.

Each hearing, response deadline, and SOL must appear in both the firm calendar (Outlook / Google) and the docket system (CalendarRules, Court Alert, or PMS docket). A primary attorney plus second-chair must each be subscribed to reminders at 7-day, 3-day, and 1-day intervals.

Reconcile bank balance, book balance (PMS or QuickBooks), and the sum of individual client ledgers. All three must match to the penny. Bank-reported IOLTA overdrafts are reported to disciplinary counsel in most states — a single penny-level discrepancy is worth chasing.

Note the matter, dollar amount, date, and root cause (bounced retainer, mis-posted disbursement, bank fee charged to IOLTA). Restore the shortfall from the operating account before month-end and notify the managing partner the same day. State bar disclosure may be required depending on the jurisdiction.

No individual client ledger may go below zero, ever — that is commingling under Rule 1.15 regardless of the aggregate IOLTA balance. Sort by ledger balance ascending in Clio Trust or Tabs3 and investigate any negative line.

No disbursement issues against a retainer until the deposit has cleared the bank — typically 7–10 banking days for checks, instant for ACH or wire. Pull the disbursements log and confirm the deposit-clear date on each.

Rule 1.15 requires partner-level oversight of trust accounts. The signature here is the audit-trail artifact the state bar will ask for if there is ever a complaint or random audit.

Pull all matters opened, closed, or amended in the quarter and confirm parties, related entities, opposing counsel, and witnesses are indexed in the conflict system (Clio Conflicts, IntApp Open, or LegalKEY). Stale data is the single most common cause of missed Rule 1.7 conflicts.

For every lateral attorney hired in the past 24 months, confirm the screening memo, DMS access restrictions, and signed acknowledgment are on file. Rule 1.10 imputation kicks in without a documented screen, and disqualification motions are won on screen-paperwork failures.

In NetDocuments, iManage, or SharePoint, pull the access report by matter. Verify only attorneys, paralegals, and assistants assigned to a matter can access its workspace. Departing-staff accounts must be deactivated within 24 hours of separation.

For each active litigation matter, verify the hold notice was issued to all custodians, custodian-interview notes are filed, and the IT freeze on relevant mailboxes is in place. Spoliation sanctions and adverse-inference instructions are a top-three malpractice exposure.

Pull the last 90 days of authentication logs from the DMS and PMS. Flag off-hours logins, failed-login spikes, and bulk download events. Confidentiality breaches under Rule 1.6(c) carry both bar and state breach-notification consequences.

Restore a sample matter, ledger, and document set from the most recent backup into a sandbox. A backup that has never been restored is not a backup. Document the restore time and any data-integrity gaps.

Pull each attorney's CLE transcript from the state bar portal. Confirm general hours, ethics hours, and any state-specific mental-health or diversity hours. License suspension for non-compliance is a 60-day-from-deadline event in most states.

For each non-compliant attorney, identify the deficient hours by category and assign accredited courses with completion dates ahead of the state bar deadline. Notify the managing partner; sustained non-compliance is grounds for partnership review.

Confirm active credentials in PACER + CM/ECF and in every state portal the firm uses (NYSCEF, Texas eFile, File & Serve Xpress). A locked account at 11:30pm on a brief-due night is the recurring nightmare; rotate passwords on a calendar, not on a crisis.

Pull the realization report by responsible attorney. Sustained write-downs above 15% on a given timekeeper signal time-entry quality issues that produce client disputes downstream. Pre-bill edit discipline is the prevention.

Pull NPS or post-matter survey results from Lawmatics, Clio Grow, or the firm's intake CRM. Trace any score below 7 to the responsible attorney and matter for follow-up. Persistent low scores on a single attorney warrant a partnership conversation, not just a process tweak.

Check the firm's mail with the state disciplinary counsel and scan Google, Avvo, and Yelp for new reviews. Bar inquiries have hard response deadlines (typically 14–21 days); the day to start drafting a response is the day the letter arrives, not the day before it's due.

Managing partner reviews the findings across all five risk domains, captures any open remediation items, and signs the quarterly attestation. This artifact is what the malpractice carrier and state bar audits will ask to see.